1. Field of the Invention
The present invention relates to security mechanisms in communication networks. More specifically, the present invention relates to a method and an apparatus for authenticating data that is transmitted across a public network.
2. Related Art
Dramatic advances in computer technology presently make it possible to integrate a significant amount of computing power into small portable computing devices, such as cell phones and personal digital assistants (PDAs). This has led to a proliferation of networked devices over the past few years. Due to a large increase in the number of networked devices, the Internet Protocol version 4 (IPv4) address space, which is based on a 32-bit long address format, will soon run out of usable addresses. To solve this problem, Internet Protocol version 6 (IPv6) was proposed. IPv6 defines a 128-bit long address format, which is believed to provide a sufficient number of addresses to accommodate all networked devices.
As larger numbers of devices are able to communicate with each other across the Internet, a number of security threats can arise. One issue is the address ownership problem: how does one prove that a device legally owns an address (i.e., that the device is not stealing an address belonging to another device)?
A recently proposed Crypto-Based Identifier (CBID) scheme can be used to remedy this problem. CBIDs are derived from cryptographic keys. For example, a given device in a network can be associated with a unique private-public key pair, and the CBID can be derived from the public key. This derivation process can involve performing a secure hash on the device's public key and combining the result of the hash function with the device's network address to produce a CBID. As a result, a CBID can be verifiably associated with the device's public key and at the same time can contain address information of the device. The fact that a CBID contains both identification (i.e., part of the hash of the public key) and address information of a device allows one to verify the device's ownership of the address it is using.
However, verifying that a device owns an address it is using is not sufficient to bootstrap secure communications between end users. The problem can be illustrated by the following example: a user Alice uses device A, which is connected to the network, and she would like to establish communication with another user Bob using device B, which is connected to the same network. How can Alice be sure that she is communicating with Bob's device and not with any other device on the network (although she can be sure that device B legally owns the address it is using)? Alice and Bob may be thought of as being at a “cocktail party,” where any communications between device A and device B can be observed by any other devices at the same party. Moreover, there may be other cocktail party participants who are willing to publish their identifiers and to eavesdrop on the exchange between Alice and Bob. A malicious user operating a device, which legally owns the network address it is using, could pretend to be Bob and could hijack the traffic from Alice that is intended to go to Bob. Consequently, in order to bootstrap secure communications, one needs not only address-ownership verification, but also “user authentication,” which establishes a user's ownership of a device and thereby maps the device to the user.
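The derivation and ownership check described in the two preceding paragraphs, as an added example that is not part of the original text: SHA-256, the 64-bit prefix/hash split, the function names, and the constructed key bytes are all assumptions, and proof that a device holds the matching private key is omitted.

```python
import hashlib
import hmac
import ipaddress

HASH_BITS = 64  # assumption: the low 64 bits of the address carry the key hash
MASK = (1 << HASH_BITS) - 1


def key_hash(public_key: bytes) -> int:
    """Truncate SHA-256(public key) to HASH_BITS (hash choice is an assumption)."""
    return int.from_bytes(hashlib.sha256(public_key).digest()[:HASH_BITS // 8], "big")


def derive_cbid(public_key: bytes, prefix: str) -> ipaddress.IPv6Address:
    """Combine the network prefix (address part) with the hash of the public key."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 128 - HASH_BITS:
        raise ValueError("expected a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | key_hash(public_key))


def verify_cbid(address: str, public_key: bytes) -> bool:
    """Address-ownership check: does the identifier part match the presented key?"""
    claimed = int(ipaddress.IPv6Address(address)) & MASK
    expected = key_hash(public_key)
    return hmac.compare_digest(claimed.to_bytes(8, "big"), expected.to_bytes(8, "big"))


# Constructed stand-ins for encoded public keys (not real key material).
BOB_KEY = b"constructed-public-key-of-device-B"
OTHER_KEY = b"constructed-public-key-of-another-device"
PREFIX = "2001:db8:0:1::/64"  # IPv6 documentation prefix

BOB_CBID = derive_cbid(BOB_KEY, PREFIX)
OTHER_CBID = derive_cbid(OTHER_KEY, PREFIX)

if __name__ == "__main__":
    # Another device cannot claim device B's identifier with its own key ...
    print(BOB_CBID, verify_cbid(str(BOB_CBID), BOB_KEY), verify_cbid(str(BOB_CBID), OTHER_KEY))
    # ... but it passes the same check for its own identifier, so the check
    # alone does not tell Alice which identifier belongs to Bob.
    print(OTHER_CBID, verify_cbid(str(OTHER_CBID), OTHER_KEY))
```

Both identifiers pass the ownership check against their own keys, which is why the check by itself cannot map a device to a user.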
User authentication can be accomplished through the public key infrastructure. However, one cannot always assume that the public key infrastructure is available. For example, when two users wish to communicate with each other through wireless devices, and the area they are located in does not have any wireless connectivity to the Internet, neither of the devices can access an Internet-based public key infrastructure.
In the absence of a public key infrastructure, an alternative approach is to use existing authenticated (but not necessarily secret) human communication channels, such as visual or audio communications, to authenticate users and to bootstrap secure communications. For example, if Alice wishes to communicate with Bob through wireless devices in a public place, Alice's device needs to identify Bob's device. To achieve this, Bob can verbally communicate to Alice his device's address or identifier, which can be represented as a string of symbols, and Alice can then enter this string of symbols into her device. Although this process can be used to bootstrap secure communications between wireless devices, having a human enter a string of symbols into a device is a tedious and error-prone process, especially with 128-bit long IPv6 addresses.
Hence, what is needed is a method and an apparatus for authenticating users, in the absence of a public key infrastructure, and without requiring a user to enter a long string of symbols.